gamma-enterprise-rbac
Implement enterprise role-based access control for Gamma integrations. Use when configuring team permissions, multi-tenant access, or enterprise authorization patterns. Trigger with phrases like "gamma RBAC", "gamma permissions", "gamma access control", "gamma enterprise", "gamma roles".
80
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/gamma-pack/skills/gamma-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly identifies its niche (Gamma-specific RBAC), provides explicit trigger terms, and answers both what and when. Its main weakness is that the specific capabilities could be more concrete—listing actual actions like 'create roles, assign permissions, configure tenant isolation' rather than broad categories like 'enterprise authorization patterns.'
Suggestions
Add more concrete actions such as 'create roles, assign user permissions, configure tenant isolation, define access policies' to improve specificity beyond category-level descriptions.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain ('enterprise role-based access control for Gamma integrations') and mentions some actions like 'configuring team permissions, multi-tenant access, or enterprise authorization patterns,' but these are more like categories than concrete specific actions (e.g., no mention of creating roles, assigning permissions, defining policies, etc.). | 2 / 3 |
Completeness | The description clearly answers both 'what' (implement enterprise RBAC for Gamma integrations) and 'when' (configuring team permissions, multi-tenant access, enterprise authorization patterns), with explicit trigger phrases provided. | 3 / 3 |
Trigger Term Quality | The description explicitly lists natural trigger phrases like 'gamma RBAC', 'gamma permissions', 'gamma access control', 'gamma enterprise', 'gamma roles', and also includes terms like 'team permissions', 'multi-tenant access', and 'enterprise authorization patterns' which provide good keyword coverage. | 3 / 3 |
Distinctiveness Conflict Risk | The description is highly specific to 'Gamma integrations' combined with RBAC/enterprise access control, creating a clear niche that is unlikely to conflict with generic permission or access control skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides highly actionable, executable TypeScript code for implementing RBAC around Gamma's API, with a clear explanation that Gamma itself lacks per-user auth. However, it's somewhat verbose for a skill file — generic patterns like quota management and audit logging inflate the content without being Gamma-specific. The workflow lacks validation checkpoints important for security-critical authorization setup.
Suggestions
Add explicit validation/testing checkpoints after key steps (e.g., 'Test: attempt a generation as a viewer role and verify 403 response') to improve workflow clarity for this security-sensitive domain.
Extract the multi-tenant service, quota system, and audit logging into separate bundle files, keeping SKILL.md focused on the core role definition and middleware pattern with references to detailed implementations.
Remove the permission matrix table since it duplicates the PERMISSIONS constant already defined in the code, or keep only the table and remove the redundant code constant.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably well-structured but includes some verbosity that could be trimmed. The access model diagram and key point callout are useful, but the multi-tenant and quota sections add significant length for patterns that are generic application-layer concerns not specific to Gamma. The permission matrix duplicates what's already defined in the code. | 2 / 3 |
Actionability | The skill provides fully executable TypeScript code for every step — role definitions, middleware, multi-tenant isolation, quota checking, and audit logging. Code is copy-paste ready with realistic Express.js patterns, database calls, and proper type annotations. | 3 / 3 |
Workflow Clarity | Steps are clearly numbered and sequenced (define roles → middleware → multi-tenant → quotas → audit), but there are no validation checkpoints or feedback loops. For an enterprise RBAC system involving security-sensitive operations, there should be explicit verification steps (e.g., test that unauthorized users are rejected, validate role assignments before deployment). | 2 / 3 |
Progressive Disclosure | The content is a long monolithic file with no bundle files to offload detailed code examples. The multi-tenant service, quota system, and audit logging could each be separate reference files. The reference to `gamma-install-auth` and `gamma-migration-deep-dive` suggests a broader skill ecosystem but no bundle structure supports navigation. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.